1. Technical Field
The present disclosure relates generally to the processing of secure electronic messages and information. In particular, the instant disclosure is directed to a system and method for resolving mismatches that may occur between, for example, an e-mail address contained in the certificate of a sender or recipient of an electronic message, and the e-mail address actually used in the sender or recipient field of an e-mail.
2. Related Art
Exchanging secured electronic messages and data, such as, for example, e-mail messages, is well known. Secure electronic messaging may involve the use of digital signatures, encryption, or the like. For example, a recipient of an electronic message may verify that the sender of an electronic message is trusted by comparing the address of the sender to an address that may be contained in a certificate or certificate chain of the sender.
Some organizations, such as, for example, government agencies like the Department of Defense, are moving to systems in which a user has an e-mail address that they will keep for the life of their tenure with that organization. This sort of lifelong address will typically be contained within the user's certificate. As a user moves around within the organization, the address for their account may change, for example, based on location. For example, the lifelong address may appear as John.Doe@agency.gov, while the address being used when the user is working at a particular site within the organization may change to reflect the location of the user, for example, John.Doe@locationA.agency.gov. Thus, in this example, as John Doe moves about throughout the agency, the lifelong address of John Doe will not change, but John Doe's outlook address may change based on John Doe's location.
This arrangement can create many problems with signed electronic messages, such as, for example, S/MIME, because it depends on the e-mail address found in the user's certificate matching the e-mail address of the account for verification. In this example, if someone wants to send an e-mail to John Doe when he is stationed at location A, the system would search for the certificate containing the address John.Doe@locationA.agency.gov, but the address contained in John Doe's lifelong certificate is John.Doe@agency.gov. This difference will result in a mismatch. Similarly, if John Doe were to send a signed e-mail to someone, when the recipient attempts to verify it, the recipient will see the originating address is John.Doe@locationA.agency.gov, but the address in the certificate is John.Doe@agency.gov. Again, this will result as an e-mail mismatch error.
What is needed is a system and method for resolving the potential mismatch errors, for example, those that might occur in organizations that use lifelong e-mail addresses and shorter term addresses that are used as the user moves around within the organization.